intel_dcap_api/client/
pck_crl.rs

1// SPDX-License-Identifier: Apache-2.0
2// Copyright (c) 2025 Matter Labs
3
4//! PCK Certificate Revocation List
5
6use super::ApiClient; // Import from parent module
7use crate::{
8    error::{check_status, IntelApiError},
9    responses::PckCrlResponse,
10    types::{CaType, CrlEncoding},
11};
12use reqwest::StatusCode;
13
impl ApiClient {
    /// GET /sgx/certification/{v3,v4}/pckcrl
    ///
    /// Fetches the PCK Certificate Revocation List (CRL) issued by the given CA.
    ///
    /// # Arguments
    ///
    /// * `ca_type` - Which CA's CRL to request (e.g., "processor" or "platform"); sent as
    ///   the `ca` query parameter.
    /// * `encoding` - Optional [`CrlEncoding`] (PEM or DER), sent as the `encoding` query
    ///   parameter. When `None`, the parameter is omitted and the service default (PEM)
    ///   applies.
    ///
    /// # Returns
    ///
    /// A [`PckCrlResponse`] holding the raw response body (the CRL in PEM or DER form) and
    /// the value of the `SGX-PCK-CRL-Issuer-Chain` response header.
    ///
    /// # Errors
    ///
    /// Returns an `IntelApiError` if the URL cannot be built, the request fails, the
    /// response status is not `200 OK`, the issuer-chain header cannot be obtained, or the
    /// body cannot be read.
    ///
    /// # Security
    ///
    /// This function only transports data: nothing in it checks the CRL signature, its
    /// validity period, or the certificates in the issuer chain. Callers should validate
    /// the chain up to a root they trust independently and verify the CRL against it
    /// before using the CRL for revocation decisions.
    pub async fn get_pck_crl(
        &self,
        ca_type: CaType,
        encoding: Option<CrlEncoding>,
    ) -> Result<PckCrlResponse, IntelApiError> {
        const ISSUER_CHAIN_HEADER: &str = "SGX-PCK-CRL-Issuer-Chain";

        let path = self.build_api_path("sgx", "", "pckcrl")?;
        let mut crl_url = self.base_url.join(&path)?;

        // Scope the query serializer so its mutable borrow of the URL ends before the URL
        // is handed to the HTTP client. `append_pair` percent-encodes the values.
        {
            let mut query = crl_url.query_pairs_mut();
            query.append_pair("ca", &ca_type.to_string());
            if let Some(enc) = encoding {
                query.append_pair("encoding", &enc.to_string());
            }
        }

        let raw_response = self.execute_with_retry(self.client.get(crl_url)).await?;
        // Anything other than 200 OK is turned into an error here.
        let response = check_status(raw_response, &[StatusCode::OK]).await?;

        // The header must be read before `bytes()` consumes the response.
        // NOTE(review): the same name is passed as both the second and the optional third
        // argument — confirm what `get_required_header` uses the third one for.
        let chain = self.get_required_header(
            &response,
            ISSUER_CHAIN_HEADER,
            Some(ISSUER_CHAIN_HEADER),
        )?;

        // The body is the CRL itself, PEM or DER depending on the requested encoding.
        // It is returned as received; no parsing or signature check happens here.
        let body = response.bytes().await?.to_vec();

        Ok(PckCrlResponse {
            crl_data: body,
            issuer_chain: chain,
        })
    }
}